CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Noteworthy stories that might have slipped under the radar: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud. 

Data privacy solutions provider Ethyca has raised $10 million in a funding round led by Aspenwood Ventures and AVP.

SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway.

Atrium Health has notified the HHS of a data breach impacting 585,000 individuals, and the incident may be related to online tracking.

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

WatchTowr has published proof-of-concept (PoC) code for an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform.

A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.

A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.

Japanese device maker confirms zero-day router exploitation and warn that full patches won’t be available for a few weeks.

SecurityWeek’s Cyber AI & Automation Summit took place on December 4th, as an online event.

The newly discovered DroidBot Android trojan targets 77 banks, cryptocurrency exchanges, and national organizations.

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

More People On The Move
China Telecom Hack China Telecom Hack

A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign.

Russian APT zero-day Russian APT zero-day

Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.

Solana Web3 supply chain attack Solana Web3 supply chain attack

Supply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library.

Top Cybersecurity Headlines

McInerney’s path to becoming a hacker is subtly different to many other hackers. He started as a 22-year old psychology graduate rather than a computer-obsessed 9-year old kid.

The ‘Bootkitty’ prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program.

Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Check Point said on Wednesday that its line of secure gateways is now available to organizations using Amazon’s Web Services. The move allows organizations to extend their network security to the cloud, by leveraging virtual appliances such as Check Point’s IPS, App Control, URL Filtering, and Firewall.

In Information Security, you must first define your goals. These goals have to be realistic and inline with the resources at your disposal. One of the questions I like to ask security professionals is, “What is your security strategy?" Amazingly, the response often contains phrases like “We have firewalls and IDS’s on the perimeter”, or “We do vulnerability management using vendor xyz”.

China based NetQin Mobile, a provider of consumer focused mobile security solutions, and Motorola Mobility have inked a deal in which NetQin Mobile Security will be pre-installed on Motorola Android smartphones in China, giving consumers instant access to mobile security out of the box.

Acquisition of EasyLobby Strengthens Portfolio for Physical Access Control, Secure Issuance and Managed Services Markets HID Global, a provider of secure identity and physical access security solutions, today announced that it has acquired EasyLobby, a company that helps manage security of on-site visitors.

AirTight Networks, a provider of wireless security solutions, today announced that SpectraGuard Enterprise, the company’s flagship wireless intrusion prevention solution, has achieved FIPS 140-2 validation, making it certified for deployment within U.S. federal government agencies, including the Department of Defense.

Today more than ever, organizations are examining existing security programs. Those that don’t have a formal security plan in place are thinking about, if not scrambling, to make one. Great security means first identifying your needs and then making a resolution to revamp or create your company’s plan for the New Year. Here are some tips to help lay the groundwork.Assess your Technology

A group of Saudi hackers hit several Israeli targets over the holidays, subsequently releasing credit card details and other personal information on 400,000 individuals. However, the credit firms are stressing that there is no need to panic.Offered with the hope that the release would “hurt the Zionist pocket,” the Saudi group published the sensitive details over the holiday weekend. On Monday, once the list gained mass attention, it disappeared from the Web.

My brief relationship with the Morto worm lasted exactly 5 days, at least that I know of. She may have been lurking in my life for several weeks before that time; there were times when I would just catch a glimpse of her out of the corner of my eye, but I cannot be sure.

Raytheon Expands Cyber Security Capabilities With Acquisition of Henggeler Computer Consultants Defense contractor Raytheon continues to gobble up cyber security services firms, today announcing that it has acquired privately held Henggeler Computer Consultants, Inc., a contracting firm that provides enterprise architecture, analytics, software, cloud-based development solutions.

As 2011 draws to a close, I’ve decided to take a step back and review the past year. Let’s take the lessons learned about software piracy and see how they can be applied in 2012.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.